UBUNTU-CVE-2026-58374

Source
https://ubuntu.com/security/CVE-2026-58374
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-58374
Upstream
Withdrawn
2026-07-07T19:14:31Z
Published
2026-06-30T13:19:00Z
Modified
2026-07-07T21:03:50.301864526Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapdprocessmlassocreq() in src/ap/ieee80211eht.c, the received linkid field can be parsed as value 15, but the corresponding links[] storage only has valid entries for lower link IDs (0 through 14). This causes an out-of-bounds write / small memory corruption during association processing before the 4-way handshake. The attack does not require network credentials, prior authentication, or user interaction. The confirmed practical impact is denial of service through hostapd process termination. This affects hostapd v2.11 and newer development snapshots before v2.12 when built with CONFIGIEEE80211BE enabled. The issue is fixed in hostapd v2.12 and the upstream 2026-1 fixes.

References

Affected packages

Ubuntu:16.04:LTS
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.4-0ubuntu3
2.4-0ubuntu4
2.4-0ubuntu5
2.4-0ubuntu6
2.4-0ubuntu6.2
2.4-0ubuntu6.3
2.4-0ubuntu6.4
2.4-0ubuntu6.5
2.4-0ubuntu6.6
2.4-0ubuntu6.7
2.4-0ubuntu6.8
2.4-0ubuntu6.8+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "hostapd",
            "binary_version": "1:2.4-0ubuntu6.8+esm1"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2.4-0ubuntu6.8+esm1"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2.4-0ubuntu6.8+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"
Ubuntu:18.04:LTS
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.4-0ubuntu10
2:2.*
2:2.4-1.1ubuntu1
2:2.6-15ubuntu1
2:2.6-15ubuntu2
2:2.6-15ubuntu2.1
2:2.6-15ubuntu2.2
2:2.6-15ubuntu2.3
2:2.6-15ubuntu2.4
2:2.6-15ubuntu2.5
2:2.6-15ubuntu2.6
2:2.6-15ubuntu2.7
2:2.6-15ubuntu2.8
2:2.6-15ubuntu2.8+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "hostapd",
            "binary_version": "2:2.6-15ubuntu2.8+esm1"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2:2.6-15ubuntu2.8+esm1"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2:2.6-15ubuntu2.8+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"
Ubuntu:20.04:LTS
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*
2:2.9-1ubuntu2
2:2.9-1ubuntu3
2:2.9-1ubuntu4
2:2.9-1ubuntu4.1
2:2.9-1ubuntu4.2
2:2.9-1ubuntu4.3
2:2.9-1ubuntu4.4
2:2.9-1ubuntu4.6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "hostapd",
            "binary_version": "2:2.9-1ubuntu4.6"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2:2.9-1ubuntu4.6"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2:2.9-1ubuntu4.6"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"
Ubuntu:22.04:LTS
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*
2:2.9.0-21build1
2:2.9.0-23
2:2.10-1
2:2.10-2
2:2.10-6
2:2.10-6ubuntu1
2:2.10-6ubuntu2
2:2.10-6ubuntu2.1
2:2.10-6ubuntu2.2
2:2.10-6ubuntu2.3
2:2.10-6ubuntu2.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eapoltest",
            "binary_version": "2:2.10-6ubuntu2.4"
        },
        {
            "binary_name": "hostapd",
            "binary_version": "2:2.10-6ubuntu2.4"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2:2.10-6ubuntu2.4"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2:2.10-6ubuntu2.4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"
Ubuntu:24.04:LTS
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*
2:2.10-15
2:2.10-18
2:2.10-20
2:2.10-21
2:2.10-21build2
2:2.10-21build3
2:2.10-21build4
2:2.10-21ubuntu0.1
2:2.10-21ubuntu0.2
2:2.10-21ubuntu0.3
2:2.10-21ubuntu0.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eapoltest",
            "binary_version": "2:2.10-21ubuntu0.4"
        },
        {
            "binary_name": "hostapd",
            "binary_version": "2:2.10-21ubuntu0.4"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2:2.10-21ubuntu0.4"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2:2.10-21ubuntu0.4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"
Ubuntu:25.10
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*
2:2.10-24
2:2.11-0ubuntu1
2:2.11-0ubuntu2
2:2.11-0ubuntu3
2:2.11-0ubuntu4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eapoltest",
            "binary_version": "2:2.11-0ubuntu4"
        },
        {
            "binary_name": "hostapd",
            "binary_version": "2:2.11-0ubuntu4"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2:2.11-0ubuntu4"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2:2.11-0ubuntu4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"
Ubuntu:26.04:LTS
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*
2:2.11-0ubuntu4
2:2.11-0ubuntu5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eapoltest",
            "binary_version": "2:2.11-0ubuntu5"
        },
        {
            "binary_name": "hostapd",
            "binary_version": "2:2.11-0ubuntu5"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2:2.11-0ubuntu5"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2:2.11-0ubuntu5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"
Ubuntu:Pro:14.04:LTS
wpa

Package

Name
wpa
Purl
pkg:deb/ubuntu/wpa?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0-3ubuntu2
1.0-3ubuntu3
1.0-3ubuntu4
2.*
2.1-0ubuntu1
2.1-0ubuntu1.1
2.1-0ubuntu1.2
2.1-0ubuntu1.3
2.1-0ubuntu1.4
2.1-0ubuntu1.5
2.1-0ubuntu1.6
2.1-0ubuntu1.7
2.1-0ubuntu1.7+esm1
2.1-0ubuntu1.7+esm2
2.1-0ubuntu1.7+esm3
2.1-0ubuntu1.7+esm4
2.1-0ubuntu1.7+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "hostapd",
            "binary_version": "1:2.1-0ubuntu1.7+esm5"
        },
        {
            "binary_name": "wpagui",
            "binary_version": "2.1-0ubuntu1.7+esm5"
        },
        {
            "binary_name": "wpasupplicant",
            "binary_version": "2.1-0ubuntu1.7+esm5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58374.json"